1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * pkey module sysfs related functions
4 *
5 * Copyright IBM Corp. 2024
6 */
7
8 #define KMSG_COMPONENT "pkey"
9 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
10
11 #include <linux/sysfs.h>
12
13 #include "zcrypt_ccamisc.h"
14 #include "zcrypt_ep11misc.h"
15
16 #include "pkey_base.h"
17
18 /*
19 * Wrapper around pkey_handler_gen_key() which deals with the
20 * ENODEV return code and then tries to enforce a pkey handler
21 * module load.
22 */
sys_pkey_handler_gen_key(u32 keytype,u32 keysubtype,u32 keybitsize,u32 flags,u8 * keybuf,u32 * keybuflen,u32 * keyinfo)23 static int sys_pkey_handler_gen_key(u32 keytype, u32 keysubtype,
24 u32 keybitsize, u32 flags,
25 u8 *keybuf, u32 *keybuflen, u32 *keyinfo)
26 {
27 int rc;
28
29 rc = pkey_handler_gen_key(NULL, 0,
30 keytype, keysubtype,
31 keybitsize, flags,
32 keybuf, keybuflen, keyinfo);
33 if (rc == -ENODEV) {
34 pkey_handler_request_modules();
35 rc = pkey_handler_gen_key(NULL, 0,
36 keytype, keysubtype,
37 keybitsize, flags,
38 keybuf, keybuflen, keyinfo);
39 }
40
41 return rc;
42 }
43
44 /*
45 * Sysfs attribute read function for all protected key binary attributes.
46 * The implementation can not deal with partial reads, because a new random
47 * protected key blob is generated with each read. In case of partial reads
48 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
49 */
pkey_protkey_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)50 static ssize_t pkey_protkey_aes_attr_read(u32 keytype, bool is_xts, char *buf,
51 loff_t off, size_t count)
52 {
53 struct protaeskeytoken protkeytoken;
54 struct pkey_protkey protkey;
55 int rc;
56
57 if (off != 0 || count < sizeof(protkeytoken))
58 return -EINVAL;
59 if (is_xts)
60 if (count < 2 * sizeof(protkeytoken))
61 return -EINVAL;
62
63 memset(&protkeytoken, 0, sizeof(protkeytoken));
64 protkeytoken.type = TOKTYPE_NON_CCA;
65 protkeytoken.version = TOKVER_PROTECTED_KEY;
66 protkeytoken.keytype = keytype;
67
68 protkey.len = sizeof(protkey.protkey);
69 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
70 protkey.protkey, &protkey.len,
71 &protkey.type);
72 if (rc)
73 return rc;
74
75 protkeytoken.len = protkey.len;
76 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
77
78 memcpy(buf, &protkeytoken, sizeof(protkeytoken));
79
80 if (is_xts) {
81 /* xts needs a second protected key, reuse protkey struct */
82 protkey.len = sizeof(protkey.protkey);
83 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
84 protkey.protkey, &protkey.len,
85 &protkey.type);
86 if (rc)
87 return rc;
88
89 protkeytoken.len = protkey.len;
90 memcpy(&protkeytoken.protkey, &protkey.protkey, protkey.len);
91
92 memcpy(buf + sizeof(protkeytoken), &protkeytoken,
93 sizeof(protkeytoken));
94
95 return 2 * sizeof(protkeytoken);
96 }
97
98 return sizeof(protkeytoken);
99 }
100
101 /*
102 * Sysfs attribute read function for the AES XTS prot key binary attributes.
103 * The implementation can not deal with partial reads, because a new random
104 * protected key blob is generated with each read. In case of partial reads
105 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
106 */
pkey_protkey_aes_xts_attr_read(u32 keytype,char * buf,loff_t off,size_t count)107 static ssize_t pkey_protkey_aes_xts_attr_read(u32 keytype, char *buf,
108 loff_t off, size_t count)
109 {
110 struct protkeytoken *t = (struct protkeytoken *)buf;
111 u32 protlen, prottype;
112 int rc;
113
114 switch (keytype) {
115 case PKEY_KEYTYPE_AES_XTS_128:
116 protlen = 64;
117 break;
118 case PKEY_KEYTYPE_AES_XTS_256:
119 protlen = 96;
120 break;
121 default:
122 return -EINVAL;
123 }
124
125 if (off != 0 || count < sizeof(*t) + protlen)
126 return -EINVAL;
127
128 memset(t, 0, sizeof(*t) + protlen);
129 t->type = TOKTYPE_NON_CCA;
130 t->version = TOKVER_PROTECTED_KEY;
131 t->keytype = keytype;
132
133 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
134 t->protkey, &protlen, &prottype);
135 if (rc)
136 return rc;
137
138 t->len = protlen;
139
140 return sizeof(*t) + protlen;
141 }
142
143 /*
144 * Sysfs attribute read function for the HMAC prot key binary attributes.
145 * The implementation can not deal with partial reads, because a new random
146 * protected key blob is generated with each read. In case of partial reads
147 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
148 */
pkey_protkey_hmac_attr_read(u32 keytype,char * buf,loff_t off,size_t count)149 static ssize_t pkey_protkey_hmac_attr_read(u32 keytype, char *buf,
150 loff_t off, size_t count)
151 {
152 struct protkeytoken *t = (struct protkeytoken *)buf;
153 u32 protlen, prottype;
154 int rc;
155
156 switch (keytype) {
157 case PKEY_KEYTYPE_HMAC_512:
158 protlen = 96;
159 break;
160 case PKEY_KEYTYPE_HMAC_1024:
161 protlen = 160;
162 break;
163 default:
164 return -EINVAL;
165 }
166
167 if (off != 0 || count < sizeof(*t) + protlen)
168 return -EINVAL;
169
170 memset(t, 0, sizeof(*t) + protlen);
171 t->type = TOKTYPE_NON_CCA;
172 t->version = TOKVER_PROTECTED_KEY;
173 t->keytype = keytype;
174
175 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_PROTKEY, 0, 0,
176 t->protkey, &protlen, &prottype);
177 if (rc)
178 return rc;
179
180 t->len = protlen;
181
182 return sizeof(*t) + protlen;
183 }
184
protkey_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)185 static ssize_t protkey_aes_128_read(struct file *filp,
186 struct kobject *kobj,
187 struct bin_attribute *attr,
188 char *buf, loff_t off,
189 size_t count)
190 {
191 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
192 off, count);
193 }
194
protkey_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)195 static ssize_t protkey_aes_192_read(struct file *filp,
196 struct kobject *kobj,
197 struct bin_attribute *attr,
198 char *buf, loff_t off,
199 size_t count)
200 {
201 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
202 off, count);
203 }
204
protkey_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)205 static ssize_t protkey_aes_256_read(struct file *filp,
206 struct kobject *kobj,
207 struct bin_attribute *attr,
208 char *buf, loff_t off,
209 size_t count)
210 {
211 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
212 off, count);
213 }
214
protkey_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)215 static ssize_t protkey_aes_128_xts_read(struct file *filp,
216 struct kobject *kobj,
217 struct bin_attribute *attr,
218 char *buf, loff_t off,
219 size_t count)
220 {
221 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
222 off, count);
223 }
224
protkey_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)225 static ssize_t protkey_aes_256_xts_read(struct file *filp,
226 struct kobject *kobj,
227 struct bin_attribute *attr,
228 char *buf, loff_t off,
229 size_t count)
230 {
231 return pkey_protkey_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
232 off, count);
233 }
234
protkey_aes_xts_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)235 static ssize_t protkey_aes_xts_128_read(struct file *filp,
236 struct kobject *kobj,
237 struct bin_attribute *attr,
238 char *buf, loff_t off,
239 size_t count)
240 {
241 return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_128,
242 buf, off, count);
243 }
244
protkey_aes_xts_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)245 static ssize_t protkey_aes_xts_256_read(struct file *filp,
246 struct kobject *kobj,
247 struct bin_attribute *attr,
248 char *buf, loff_t off,
249 size_t count)
250 {
251 return pkey_protkey_aes_xts_attr_read(PKEY_KEYTYPE_AES_XTS_256,
252 buf, off, count);
253 }
254
protkey_hmac_512_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)255 static ssize_t protkey_hmac_512_read(struct file *filp,
256 struct kobject *kobj,
257 struct bin_attribute *attr,
258 char *buf, loff_t off,
259 size_t count)
260 {
261 return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_512,
262 buf, off, count);
263 }
264
protkey_hmac_1024_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)265 static ssize_t protkey_hmac_1024_read(struct file *filp,
266 struct kobject *kobj,
267 struct bin_attribute *attr,
268 char *buf, loff_t off,
269 size_t count)
270 {
271 return pkey_protkey_hmac_attr_read(PKEY_KEYTYPE_HMAC_1024,
272 buf, off, count);
273 }
274
275 static BIN_ATTR_RO(protkey_aes_128, sizeof(struct protaeskeytoken));
276 static BIN_ATTR_RO(protkey_aes_192, sizeof(struct protaeskeytoken));
277 static BIN_ATTR_RO(protkey_aes_256, sizeof(struct protaeskeytoken));
278 static BIN_ATTR_RO(protkey_aes_128_xts, 2 * sizeof(struct protaeskeytoken));
279 static BIN_ATTR_RO(protkey_aes_256_xts, 2 * sizeof(struct protaeskeytoken));
280 static BIN_ATTR_RO(protkey_aes_xts_128, sizeof(struct protkeytoken) + 64);
281 static BIN_ATTR_RO(protkey_aes_xts_256, sizeof(struct protkeytoken) + 96);
282 static BIN_ATTR_RO(protkey_hmac_512, sizeof(struct protkeytoken) + 96);
283 static BIN_ATTR_RO(protkey_hmac_1024, sizeof(struct protkeytoken) + 160);
284
285 static struct bin_attribute *protkey_attrs[] = {
286 &bin_attr_protkey_aes_128,
287 &bin_attr_protkey_aes_192,
288 &bin_attr_protkey_aes_256,
289 &bin_attr_protkey_aes_128_xts,
290 &bin_attr_protkey_aes_256_xts,
291 &bin_attr_protkey_aes_xts_128,
292 &bin_attr_protkey_aes_xts_256,
293 &bin_attr_protkey_hmac_512,
294 &bin_attr_protkey_hmac_1024,
295 NULL
296 };
297
298 static struct attribute_group protkey_attr_group = {
299 .name = "protkey",
300 .bin_attrs = protkey_attrs,
301 };
302
303 /*
304 * Sysfs attribute read function for all secure key ccadata binary attributes.
305 * The implementation can not deal with partial reads, because a new random
306 * protected key blob is generated with each read. In case of partial reads
307 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
308 */
pkey_ccadata_aes_attr_read(u32 keytype,bool is_xts,char * buf,loff_t off,size_t count)309 static ssize_t pkey_ccadata_aes_attr_read(u32 keytype, bool is_xts, char *buf,
310 loff_t off, size_t count)
311 {
312 struct pkey_seckey *seckey = (struct pkey_seckey *)buf;
313 u32 buflen;
314 int rc;
315
316 if (off != 0 || count < sizeof(struct secaeskeytoken))
317 return -EINVAL;
318 if (is_xts)
319 if (count < 2 * sizeof(struct secaeskeytoken))
320 return -EINVAL;
321
322 buflen = sizeof(seckey->seckey);
323 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
324 seckey->seckey, &buflen, NULL);
325 if (rc)
326 return rc;
327
328 if (is_xts) {
329 seckey++;
330 buflen = sizeof(seckey->seckey);
331 rc = sys_pkey_handler_gen_key(keytype, PKEY_TYPE_CCA_DATA, 0, 0,
332 seckey->seckey, &buflen, NULL);
333 if (rc)
334 return rc;
335
336 return 2 * sizeof(struct secaeskeytoken);
337 }
338
339 return sizeof(struct secaeskeytoken);
340 }
341
ccadata_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)342 static ssize_t ccadata_aes_128_read(struct file *filp,
343 struct kobject *kobj,
344 struct bin_attribute *attr,
345 char *buf, loff_t off,
346 size_t count)
347 {
348 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, false, buf,
349 off, count);
350 }
351
ccadata_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)352 static ssize_t ccadata_aes_192_read(struct file *filp,
353 struct kobject *kobj,
354 struct bin_attribute *attr,
355 char *buf, loff_t off,
356 size_t count)
357 {
358 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_192, false, buf,
359 off, count);
360 }
361
ccadata_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)362 static ssize_t ccadata_aes_256_read(struct file *filp,
363 struct kobject *kobj,
364 struct bin_attribute *attr,
365 char *buf, loff_t off,
366 size_t count)
367 {
368 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, false, buf,
369 off, count);
370 }
371
ccadata_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)372 static ssize_t ccadata_aes_128_xts_read(struct file *filp,
373 struct kobject *kobj,
374 struct bin_attribute *attr,
375 char *buf, loff_t off,
376 size_t count)
377 {
378 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_128, true, buf,
379 off, count);
380 }
381
ccadata_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)382 static ssize_t ccadata_aes_256_xts_read(struct file *filp,
383 struct kobject *kobj,
384 struct bin_attribute *attr,
385 char *buf, loff_t off,
386 size_t count)
387 {
388 return pkey_ccadata_aes_attr_read(PKEY_KEYTYPE_AES_256, true, buf,
389 off, count);
390 }
391
392 static BIN_ATTR_RO(ccadata_aes_128, sizeof(struct secaeskeytoken));
393 static BIN_ATTR_RO(ccadata_aes_192, sizeof(struct secaeskeytoken));
394 static BIN_ATTR_RO(ccadata_aes_256, sizeof(struct secaeskeytoken));
395 static BIN_ATTR_RO(ccadata_aes_128_xts, 2 * sizeof(struct secaeskeytoken));
396 static BIN_ATTR_RO(ccadata_aes_256_xts, 2 * sizeof(struct secaeskeytoken));
397
398 static struct bin_attribute *ccadata_attrs[] = {
399 &bin_attr_ccadata_aes_128,
400 &bin_attr_ccadata_aes_192,
401 &bin_attr_ccadata_aes_256,
402 &bin_attr_ccadata_aes_128_xts,
403 &bin_attr_ccadata_aes_256_xts,
404 NULL
405 };
406
407 static struct attribute_group ccadata_attr_group = {
408 .name = "ccadata",
409 .bin_attrs = ccadata_attrs,
410 };
411
412 #define CCACIPHERTOKENSIZE (sizeof(struct cipherkeytoken) + 80)
413
414 /*
415 * Sysfs attribute read function for all secure key ccacipher binary attributes.
416 * The implementation can not deal with partial reads, because a new random
417 * secure key blob is generated with each read. In case of partial reads
418 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
419 */
pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)420 static ssize_t pkey_ccacipher_aes_attr_read(enum pkey_key_size keybits,
421 bool is_xts, char *buf, loff_t off,
422 size_t count)
423 {
424 u32 keysize = CCACIPHERTOKENSIZE;
425 int rc;
426
427 if (off != 0 || count < CCACIPHERTOKENSIZE)
428 return -EINVAL;
429 if (is_xts)
430 if (count < 2 * CCACIPHERTOKENSIZE)
431 return -EINVAL;
432
433 memset(buf, 0, is_xts ? 2 * keysize : keysize);
434
435 rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
436 PKEY_TYPE_CCA_CIPHER, keybits, 0,
437 buf, &keysize, NULL);
438 if (rc)
439 return rc;
440
441 if (is_xts) {
442 keysize = CCACIPHERTOKENSIZE;
443 buf += CCACIPHERTOKENSIZE;
444 rc = sys_pkey_handler_gen_key(
445 pkey_aes_bitsize_to_keytype(keybits),
446 PKEY_TYPE_CCA_CIPHER, keybits, 0,
447 buf, &keysize, NULL);
448 if (rc)
449 return rc;
450 return 2 * CCACIPHERTOKENSIZE;
451 }
452
453 return CCACIPHERTOKENSIZE;
454 }
455
ccacipher_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)456 static ssize_t ccacipher_aes_128_read(struct file *filp,
457 struct kobject *kobj,
458 struct bin_attribute *attr,
459 char *buf, loff_t off,
460 size_t count)
461 {
462 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
463 off, count);
464 }
465
ccacipher_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)466 static ssize_t ccacipher_aes_192_read(struct file *filp,
467 struct kobject *kobj,
468 struct bin_attribute *attr,
469 char *buf, loff_t off,
470 size_t count)
471 {
472 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
473 off, count);
474 }
475
ccacipher_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)476 static ssize_t ccacipher_aes_256_read(struct file *filp,
477 struct kobject *kobj,
478 struct bin_attribute *attr,
479 char *buf, loff_t off,
480 size_t count)
481 {
482 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
483 off, count);
484 }
485
ccacipher_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)486 static ssize_t ccacipher_aes_128_xts_read(struct file *filp,
487 struct kobject *kobj,
488 struct bin_attribute *attr,
489 char *buf, loff_t off,
490 size_t count)
491 {
492 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
493 off, count);
494 }
495
ccacipher_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)496 static ssize_t ccacipher_aes_256_xts_read(struct file *filp,
497 struct kobject *kobj,
498 struct bin_attribute *attr,
499 char *buf, loff_t off,
500 size_t count)
501 {
502 return pkey_ccacipher_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
503 off, count);
504 }
505
506 static BIN_ATTR_RO(ccacipher_aes_128, CCACIPHERTOKENSIZE);
507 static BIN_ATTR_RO(ccacipher_aes_192, CCACIPHERTOKENSIZE);
508 static BIN_ATTR_RO(ccacipher_aes_256, CCACIPHERTOKENSIZE);
509 static BIN_ATTR_RO(ccacipher_aes_128_xts, 2 * CCACIPHERTOKENSIZE);
510 static BIN_ATTR_RO(ccacipher_aes_256_xts, 2 * CCACIPHERTOKENSIZE);
511
512 static struct bin_attribute *ccacipher_attrs[] = {
513 &bin_attr_ccacipher_aes_128,
514 &bin_attr_ccacipher_aes_192,
515 &bin_attr_ccacipher_aes_256,
516 &bin_attr_ccacipher_aes_128_xts,
517 &bin_attr_ccacipher_aes_256_xts,
518 NULL
519 };
520
521 static struct attribute_group ccacipher_attr_group = {
522 .name = "ccacipher",
523 .bin_attrs = ccacipher_attrs,
524 };
525
526 /*
527 * Sysfs attribute read function for all ep11 aes key binary attributes.
528 * The implementation can not deal with partial reads, because a new random
529 * secure key blob is generated with each read. In case of partial reads
530 * (i.e. off != 0 or count < key blob size) -EINVAL is returned.
531 * This function and the sysfs attributes using it provide EP11 key blobs
532 * padded to the upper limit of MAXEP11AESKEYBLOBSIZE which is currently
533 * 336 bytes.
534 */
pkey_ep11_aes_attr_read(enum pkey_key_size keybits,bool is_xts,char * buf,loff_t off,size_t count)535 static ssize_t pkey_ep11_aes_attr_read(enum pkey_key_size keybits,
536 bool is_xts, char *buf, loff_t off,
537 size_t count)
538 {
539 u32 keysize = MAXEP11AESKEYBLOBSIZE;
540 int rc;
541
542 if (off != 0 || count < MAXEP11AESKEYBLOBSIZE)
543 return -EINVAL;
544 if (is_xts)
545 if (count < 2 * MAXEP11AESKEYBLOBSIZE)
546 return -EINVAL;
547
548 memset(buf, 0, is_xts ? 2 * keysize : keysize);
549
550 rc = sys_pkey_handler_gen_key(pkey_aes_bitsize_to_keytype(keybits),
551 PKEY_TYPE_EP11_AES, keybits, 0,
552 buf, &keysize, NULL);
553 if (rc)
554 return rc;
555
556 if (is_xts) {
557 keysize = MAXEP11AESKEYBLOBSIZE;
558 buf += MAXEP11AESKEYBLOBSIZE;
559 rc = sys_pkey_handler_gen_key(
560 pkey_aes_bitsize_to_keytype(keybits),
561 PKEY_TYPE_EP11_AES, keybits, 0,
562 buf, &keysize, NULL);
563 if (rc)
564 return rc;
565 return 2 * MAXEP11AESKEYBLOBSIZE;
566 }
567
568 return MAXEP11AESKEYBLOBSIZE;
569 }
570
ep11_aes_128_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)571 static ssize_t ep11_aes_128_read(struct file *filp,
572 struct kobject *kobj,
573 struct bin_attribute *attr,
574 char *buf, loff_t off,
575 size_t count)
576 {
577 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, false, buf,
578 off, count);
579 }
580
ep11_aes_192_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)581 static ssize_t ep11_aes_192_read(struct file *filp,
582 struct kobject *kobj,
583 struct bin_attribute *attr,
584 char *buf, loff_t off,
585 size_t count)
586 {
587 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_192, false, buf,
588 off, count);
589 }
590
ep11_aes_256_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)591 static ssize_t ep11_aes_256_read(struct file *filp,
592 struct kobject *kobj,
593 struct bin_attribute *attr,
594 char *buf, loff_t off,
595 size_t count)
596 {
597 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, false, buf,
598 off, count);
599 }
600
ep11_aes_128_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)601 static ssize_t ep11_aes_128_xts_read(struct file *filp,
602 struct kobject *kobj,
603 struct bin_attribute *attr,
604 char *buf, loff_t off,
605 size_t count)
606 {
607 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_128, true, buf,
608 off, count);
609 }
610
ep11_aes_256_xts_read(struct file * filp,struct kobject * kobj,struct bin_attribute * attr,char * buf,loff_t off,size_t count)611 static ssize_t ep11_aes_256_xts_read(struct file *filp,
612 struct kobject *kobj,
613 struct bin_attribute *attr,
614 char *buf, loff_t off,
615 size_t count)
616 {
617 return pkey_ep11_aes_attr_read(PKEY_SIZE_AES_256, true, buf,
618 off, count);
619 }
620
621 static BIN_ATTR_RO(ep11_aes_128, MAXEP11AESKEYBLOBSIZE);
622 static BIN_ATTR_RO(ep11_aes_192, MAXEP11AESKEYBLOBSIZE);
623 static BIN_ATTR_RO(ep11_aes_256, MAXEP11AESKEYBLOBSIZE);
624 static BIN_ATTR_RO(ep11_aes_128_xts, 2 * MAXEP11AESKEYBLOBSIZE);
625 static BIN_ATTR_RO(ep11_aes_256_xts, 2 * MAXEP11AESKEYBLOBSIZE);
626
627 static struct bin_attribute *ep11_attrs[] = {
628 &bin_attr_ep11_aes_128,
629 &bin_attr_ep11_aes_192,
630 &bin_attr_ep11_aes_256,
631 &bin_attr_ep11_aes_128_xts,
632 &bin_attr_ep11_aes_256_xts,
633 NULL
634 };
635
636 static struct attribute_group ep11_attr_group = {
637 .name = "ep11",
638 .bin_attrs = ep11_attrs,
639 };
640
641 const struct attribute_group *pkey_attr_groups[] = {
642 &protkey_attr_group,
643 &ccadata_attr_group,
644 &ccacipher_attr_group,
645 &ep11_attr_group,
646 NULL,
647 };
648